REMARKS 

1. Claims 1-40 were pending in this application. Claims 1, 2, 8, 9, 15, 16, 17, 
18, 29, 30, 31, and 36 have been amended. New claims 41-50 have been added. 
No claims have been canceled. Therefore, claims 1-50 are now pending in this 
application. 

2. During a telephone conversation on January 8, 2003, the Examiner and 
Mr. Jeffrey Klayman discussed various proposed claim amendments and the 
differences between the invention as claimed and the prior art of record. No 
decision was made regarding allowable subject matter at that time. 

3. The Examiner rejected claims 1-40 under 35 U.S.C. 103(a) as being 
unpatentable over Pare Jr. et al. (U.S. Patent No. 6,154,879) and further in view of 
Bianco et al. (U.S. Patent No. 6, 256, 737), hereinafter "Pare" and "Bianco/' 
respectively. 

4. Applicant has amended claims 1, 2, 8, 9, 15, 16, 17, 18, 29, 30, 31, and 36, 
and has added new claims 41-50. The claim amendments, as well as the new 
claims, are supported in the specification, and add no new matter. A copy of the 
amended claims showing all deletions and/ or additions is attached below. 
Deleted text is enclosed within brackets, while added text is underlined. 

5. Applicants respectfully submit that the pending claims are patentable 
over Pare and Bianco. 

Various embodiments of the present invention provide for a user- 
maintained personal information registration system. Each user provides 
personal information and physiological identifiers, and the personal information 
and representations of the physiological identifiers are stored in a data set in a 
database. Integrity of the personal information is maintained by permitting 
modification of a particular user's personal information only by that user. This 
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10), and that this re-enrollment step can be usefully incorporated into banking 
and financial transaction systems such as those of Pare. This re-enrollment step 
generally causes modification of the physiological information in a user's data 
set. This re-enrollment step, however, does not involve modification of the 
user's personal information in the data set. Furthermore, in Bianco, modification 
of a user's personal information is not restricted to only the specific user, as in 
the present invention. The subject application discusses a similar re-enrollment 
step for updating the physiological information in the data set, and also 
discusses periodic updates of the user's personal information in the data set. 

Thus, independent claims 1, 17, 29, 30, 31, 36, and 39 are allowable over 
Pare and Bianco. Dependent claims 2-16, 18-28, 32-35, 37, 38, and 40 are directed 
toward such things as additional types of user information (e.g., medical or 
emergency information), various types of physiological identifiers, various 
conditions for authenticating a subject, updating personal information, and 
various types of transactions. Because a dependent claim is deemed to include 
all of the limitations of its base claim and any intervening claim, Applicants 
respectfully submit that dependent claims 2-16, 18-28, 32-35, 37, 38, and 40 are 
also patentable over Pare and Bianco. 

6. Applicants respectfully submit that new dependent claims 41-50 are 
patentable over Pare and Bianco. 

New claims 41 and 42 are directed toward reducing the risk of identity 
theft by retaining a representation of a physiological identifier provided by a 
subject if there is an insufficient match and providing access to the retained 
representation of the physiological identifier by a law enforcement official (see 
Page 9, line 31 through Page 10, line 7 and Page 17, lines 2-18). 

New claims 43-46 are directed toward permitting a third party to view a 
user's personal information without having to provide physiological identifiers 
and without having to be authenticated as the user (see Page 17, line 19 through 
Page 18, line 7). 
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New claims 47-50 are directed toward providing each user with a token 
that includes an identifier that, when presented to the database by a third party, 
enables the third party to access but not modify a user's information (see Page 
17, line 25 through Page 18, line 1). 

Because a dependent claim is deemed to include all of the limitations of its 
base claim and any intervening claim, Applicants respectfully submit that 
dependent new claims 41-50 are patentable over Pare and Bianco. 

7. Claims 1-50 are pending in this application. All pending claims are 
believed to be in a form suitable for allowance. Therefore, the application is 
believed to be in a condition for allowance. The Applicant respectfully requests 
early allowance of the application. The Applicant requests that the Examiner 
contact the undersigned, Jeffrey T. Klayman, if it will assist further examination 
of this application. 



BROMBERG & SUNSTEIN LLP 

125 Summer Street 

Boston MA 02110-1618 

Tel: 617 443 9292 Fax: 617 443 0004 



234802 



Respectfully submitted, 




Jeffrey T. Klayman 
Registration No. 39,250 
Attorney for Applicants 
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AMENDED CLAIMS WITH CHANGES 



1. (Twice amended) A method of administering registration of personal 
information in a data base in a manner tending to assure integrity of [data] the 
personal information therein, the method comprising: 

a. obtaining, from each user with respect to whom data is to be placed in the 
data base, personal information of such user, the content of such personal 
information initially established by such user in an enrollment phase. 

b. also obtaining [in the enrollment phase] , from each such user, a first set 
of physiological identifiers associated with such user , the first set of 
physiological identifiers initially provided by such user in the enrollment 
phase; 

c. storing, in a digital storage medium, a data set pertinent to such user, the 
data set including such user's personal information and a representation of the 
physiological identifiers associated with such user; and 

d. permitting a subject to modify a user's personal information in the stored 
data set pertinent to such user only if (i) the subject provides a new set of 
physiological identifiers and (ii) it is determined, by recourse to the stored data 
set, that there is a sufficient match between at least one member in the new set 
and a corresponding member of the first set, so that the subject is authenticated 
as such user. 
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2. (Twice amended) A method according to claim 1, further comprising 
obtaining from such user such user's medical information, [and] wherein the 
data set includes such user's medical information , and permitting a subject to 
modify a user's medical information in the stored data set pertinent to such 
user only if (i) the subject provides a new set of physiological identifiers and 
(ii) it is determined, by recourse to the stored data set that there is a sufficient 
match between at least one member in the new set and a corresponding 
member of the first set so that the subject is authenticated as such user . 

8. (Twice amended) A method according to claim 1, wherein the first set 
includes at least one member selected from the group consisting of a fingerprint 
of such user and [an] the configuration of an iris in an eye of such user and at 
least one member selected from the group consisting of characteristics of 
utterances of such user and the appearance of such user's face. 

9. (Amended) A method according to [claim 1] any of claims 1 and 2, 
wherein, pursuant to step (d), [a] the subject is permitted to modify the user's 
information in the stored data set only if the subject provides the new set of 
physiological identifiers under a condition permitting verification, independent 
of the physiological identifiers, that the new set is being provided by the person 
purporting to provide them. 
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15. (Twice amended) A method according to claim 1, further comprising: 
prompting each user, on a periodic basis, to update the user's personal 
information in the data set pertinent to such user. 

16. (Twice amended) A method [for authenticating a user transaction] 
according to claim 1, [the method] further comprising: 

obtaining a test set of physiological identifiers from a subject purporting 
to be a specific user; 

accessing information in the data set pertinent to the specific user [stored 
in accordance with the method of claim 1]; and 

determining if there is a sufficient match between at least one member in 
the test set and a corresponding physiological identifier represented in the data 
set. 

17. (Twice amended) A method for authenticating a user transaction, the 
method comprising: 

obtaining a test set of physiological identifiers from a subject purporting 
to be a specific user; 

accessing information in a first data set pertinent to the specific user 
stored in a registration data base, the data base containing information provided 
by multiple users in a separate data set for each user, each data set of a specific 
user including (i) personal information, of the specific user, that has been 
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established by the specific user, and (ii) a representation of a first set of 
physiological identifiers, associated with the specific user, that has been 
provided by the specific user, the data base being maintained under conditions 
wherein modification by a subject of a user's personal information in a stored 
data set pertinent to the specific user is permitted only if (i) the subject provides a 
new set of physiological identifiers and (ii) it is determined, by recourse to the 
stored data set, that there is a sufficient match between at least one member in 
the new set and a corresponding member of the first set, so that the subject is 
authenticated as the specific user; and 

determining if there is a sufficient match between at least one member in 
the test set and a corresponding physiological identifier represented in the data 
set. 

18. (Amended) A method according to claim 17, wherein: 

the database is accessible via a server at a first location; 

obtaining the test set of physiological identifiers is performed at a second 

location remote from the first location; 

determining if there is a sufficient match includes communicating with the server 
from the second location over a network. 
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29. (Twice amended) A digital storage medium on which has been recorded 
a multi-user personal information data base, the data base comprising, for each 
specific user, a data set pertinent to the specific_user, the data set including: 

(a) the specific user's personal information obtained from the specific 

user; 

(b) a representation of a first set of physiological identifiers associated 
with the specific user; and 

(c) the specific user's emergency information obtained from the 
specific user; 

the storage medium being maintained under conditions wherein modification by 
a subject of such personal and emergency information in a stored data set 
pertinent to the specific user is permitted only if (i) the subject provides a new set 
of physiological identifiers and (ii) it is determined, by recourse to the stored 
data set, that there is a sufficient match between at least one member in the new 
set and a corresponding member of the first set, so that the subject is 
authenticated as the specific user. 

30. (Amended) A system for updating a personal information database 
containing a data set for each one of multiple users, each data set including a 
user's personal information and a representation of a first set of physiological 
identifiers associated with the user, the system comprising: 



a. a physiological identifier transducer having an output representing 
a physiological identifier associated with a subject; 

b. a user access authorization module, coupled to the physiological 
identifier transducer!,] and to the database, for determining whether the output 
of the physiological identifier transducer sufficiently matches the representation 
of the first set of physiological identifiers, so that the subject is authenticated as 
the user; 

c. a user data set access module, coupled to the user access 
authorization module and to the database, for accessing the user data set, in the 
event that the user access authorization module has authenticated the subject as 
the user; and 

d. a user data set update module, coupled to the database , to the user 
data set access module, and to a user input, permitting the user to update such 
user's personal information in the corresponding data set in the database in the 
event that the user data set access module has provided access to the user data 
set . 

r 

31. (Twice amended) A system for authenticating transactions, the system 
comprising: 

a. a multi-user personal information data base, the data base comprising, for 
each specific user, a data set pertinent to the specific user, the data set including: 



(i) personal information, of the specific user, that has been established by the 
specific user; 

(ii) a representation of a first set of physiological identifiers, associated with 
the specific user, that has been provided by the specific user; 

the data base being maintained under conditions wherein modification by a 
subject of a user's personal information in a stored data set pertinent to the 
specific user is permitted only if (i) the subject provides a new set of 
physiological identifiers and (ii) it is determined, by recourse to the stored data 
set, that there is a sufficient match between at least one member in the new set 
and a corresponding member of the first set, so that the subject is authenticated 
as the specific user; 

b. a multiplicity of remotely distributed terminals in communication with 
the data base, each terminal including a physiological identifier transducer and a 
communication link with a merchant; and 

c. an authenticity checker, which determines whether there is a sufficient 
match between the output of a physiological identifier transducer attributable to 
a subject purporting to be a user and a physiological identifier in the first set. 

36. (Amended) A method of administering [registration of] personal information 
in a data base in a manner tending to assure integrity of data therein, the data 
base being of a type wherein a stored data set is established for each user and 
there has been obtained from each user with respect to such data a first set of 
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physiological identifiers associated with such user and included in the data set, 
the method comprising: 

a. obtaining from a subject seeking to modify information in the stored 
data set pertinent to such user a new set of physiological identifiers, and 

b. permitting the subject to modify such user's personal information in 
the stored data set only if it is determined, by recourse to the stored data set, that 
there is a sufficient match between at least one member in the new set and a 
corresponding member of the first set, so that the subject is authenticated as such 
user. 
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STATUS 

2. Applicant is a small entity. A statement was already filed. 

EXTENSION OF TERM 

3. The proceedings herein are for a patent application and the provisions of 37 C.F.R. 1.136 
apply. Applicant believes that no extension of term is required. However, this condi- 
tional petition is being made to provide for the possibility that applicant has inadvertently 
overlooked the need for a petition for extension of time. 

FEE FOR CLAIMS 

4. The fee for claims (37 C.F.R. 1. 16(b)-(d)) has been calculated as shown below: 



(Col.l) (Col. 2) (Col. 3) SMALL ENTITY 





Claims 
Remaining 

After 
Amendment 


Highest No 
Previously 
Paid For 


Present 
Extra 


Rate 


Addit 
Fee 


Total 


75 


Minus 52 


= 23 


x$9 = 


$207 


Indep 


7 


Minus 7 


= 0 


x$42 = 


$0 


First Presentation of Multiple Dependent Claim 




+ $140 = 


$0 



Total $207 
Addit. Fee 



* If the entry in Col. 1 is less than the entry in Col. 2, write "O" in Col. 3, 

** If the "Highest No. Previously Paid For" IN THIS SPACE (Column 2, Row 1) is less than 20, enter "20". 
*** If the "Highest No. Previously Paid For" IN THIS SPACE (Column 2, Row 2) is less than 3, enter "3". 

The "Highest No. Previously Paid For" (Total or Indep.) is the highest number found in the appropriate box in Col. 1 of a 

prior amendment or the number of claims originally filed. 



Total additional fee for claims required $207.00 



FEE PAYMENT 

5. Attached is a check in the amount of $207.00. 

Charge any additional fees required by this paper or credit any overpayment in the manner 
authorized above. 

A duplicate of this paper is attached. 
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FEE DEFICIENCY 

If any additional extension and/or fee is required, charge Account No. 19-4972. 
If any additional fee for claims is required, charge Account No. 19-4972. 



Date: January 28, 2003 



Jeffrey T. Klayman 
Registration No. 39,250 
Bromberg & Sunstein LLP 
125 Summer Street 
Boston, MA 02110-1618 
US 

617-443-9292 
Customer No. 02101 
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